package cn.edu.zut.hhr.filter;

import cn.edu.zut.hhr.entity.SecurityUser;
import cn.edu.zut.hhr.entity.User;
import cn.edu.zut.hhr.utils.RedisUtil;
import cn.edu.zut.hhr.utils.ResponseUtil;
import cn.edu.zut.hhr.utils.RestResponse;
import cn.edu.zut.hhr.utils.TokenUtil;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class TokenLoginFilter extends UsernamePasswordAuthenticationFilter {

    RedisUtil redisUtil;

    public TokenLoginFilter(AuthenticationManager authenticationManager, RedisUtil redisUtil) {
        super(authenticationManager);
        this.redisUtil = redisUtil;
        this.setPostOnly(false);
        //设置登录路径及提交方式
        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login","POST"));
    }

    /**
     * 先空着,待会在详细写权限啥的
     * @param request
     * @param response
     * @return
     * @throws AuthenticationException
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        String username = this.obtainUsername(request);
        username = username != null ? username : "";
        username = username.trim();
        String password = this.obtainPassword(request);
        password = password != null ? password : "";
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
        this.setDetails(request, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
            throws IOException, ServletException {
        HttpSession session = request.getSession();
        SecurityUser securityUser = (SecurityUser)authResult.getPrincipal();
        User user = securityUser.getUser();
        session.setAttribute("userid",user.getId());
        session.setAttribute("username",user.getUname());
        String username = securityUser.getUsername();
        String token = TokenUtil.createToken(username);
        ResponseUtil.out(response, RestResponse.success("token",token));
        redisUtil.sSet(username,securityUser.getRoles().toArray());
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
            throws IOException, ServletException {
        System.out.println("登录失败");
    }
}
